Question:

1.) In Packet Tracer, add a 2960 switch, a 2901 router, and two PCs. Connect the devices to the switch using Copper Straight-Through cables.

2.) Enter the commands in Table to configure the router’s interface and a DHCP pool on the router.

Configure the Router With a DHCP Pool

| Command | Purpose |
| --- | --- |
| enable | Enters privileged EXEC mode |
| configure terminal | Enters global configuration mode |
| interface gigabit0/0 | Enters interface configuration mode for GigabitEthernet0/0 |
| ip address 192.168.2.1 255.255.255.0 | Assigns network information to the interface |
| no shut and press Enter to return to the prompt | Enables the port |
| exit | Returns to global configuration mode |
| ip dhcp pool MyPool | Creates a DHCP pool named MyPool and enters DHCP configuration mode |
| network 192.168.2.0 255.255.255.0 | Assigns network information to the DHCP pool |
| default-router 192.168.2.1 | Assigns a default gateway to the DHCP pool |
| do show ip dhcp pool | Displays DHCP pool configuration information |
| exit | Returns to global configuration mode |

3.) On each PC, request a DHCP assignment. In some cases, it might take a couple of tries for the DHCP assignment to succeed. If it still doesn’t work, do some troubleshooting to figure out the problem and fix it. What IP address was assigned to each PC? What is the default gateway address for both PCs?


3B.) Suppose an attacker brings their own DHCP server to your network. The attacker configures their device as the default gateway so your PCs start sending their traffic to the wrong device. Complete the following steps:

4.) Add a server to your workspace. Do NOT yet connect the attacker’s server to your network. Make the following configurations to the server first:

Set the server’s static IP address to 192.168.2.20/24.

Turn on the server’s DHCP service. Set the pool’s default gateway address to 192.168.2.20 and its start IP address to 192.168.2.21/24. Be sure to save these settings.

Use a Copper Straight-Through cable to connect the hacker’s server to your switch.

5.) After the server’s connection with the switch activates, at PC0’s Command Prompt, enter the command ipconfig /release and then enter the command ipconfig /renew. What information does PC0 receive? Which DHCP server did it get its assignment from?


To protect your network, you need to enable DHCP snooping on the switch. This will ensure that DHCP responses can only come from an approved DHCP server. Complete the following steps:

6.) Enter the commands in Table to configure DHCP snooping on the switch.


Configure the Switch for DHCP Snooping

| Command | Purpose |
| --- | --- |
| enable | Enters privileged EXEC mode |
| configure terminal | Enters global configuration mode |
| ip dhcp snooping | Enables DHCP snooping globally on the switch |
| ip dhcp snooping vlan 1 | Enables DHCP snooping for VLAN 1 |
| do show ip dhcp snooping | Displays current DHCP snooping configuration; confirm DHCP snooping is configured for VLAN 1 |

7.) Now that DHCP snooping is enabled on your switch, no DHCP responses are currently allowed because, by default, all ports are untrusted. To test this, at PC0’s Command Prompt, enter the command ipconfig /release and then enter the command ipconfig /renew. What information does PC0 receive?

8.) For the legitimate DHCP server to work on your network, you need to tell the switch which port it should trust for DHCP responses. Enter the commands in Table to configure a trusted DHCP port on the switch.


Configure a trusted port on the switch for DHCP responses

| Command | Purpose |
| --- | --- |
| no ip dhcp snooping information option | Disables the unneeded Option 82 in DHCP snooping |
| interface gigabitethernet0/1 | Enters interface configuration mode for GigabitEthernet0/1, which is connected to the router |
| ip dhcp snooping trust | Designates this port as a DHCP trusted port because it is attached to the DHCP server |
| exit | Returns to global configuration mode |
| do show ip dhcp snooping | Displays current DHCP snooping configuration; confirm configuration matches that shown in Figure 11-39 |
| copy run start and press Enter to accept the default filename | Saves the current settings |



9.) Now that the correct port on your switch is trusted for DHCP snooping, DHCP responses should be allowed from the legitimate DHCP server. To test this, at PC0’s Command Prompt, enter the command ipconfig /release and then enter the command ipconfig /renew. What information does PC0 receive? Which DHCP server did it get its assignment from? How do you know?

10.) Confirm that PC1 can also still receive DHCP information from the legitimate DHCP server. Does it work? How do you know?

11.) To see the switch’s new records for DHCP assignments on the network, on the switch’s CLI in privileged EXEC mode, enter the command show ip dhcp snooping binding. How many addresses are listed in the switch’s DHCP snooping binding table? Notice the Type for each record is labeled “dhcp-snooping” to indicate the switch learned this information through DHCP snooping.

12.) To see which ports the switch trusts for DHCP responses, on the switch’s CLI in privileged EXEC mode, enter the command show ip dhcp snooping. How many interfaces are listed? How many of these interfaces are trusted?

13.) Position your network devices and the switch’s CLI console to show your network topology and the output on the switch for Steps 11 and 12. Take a screenshot.
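
The filtering behaviour that steps 5, 7 and 9 exercise, as an added example that is not part of the original question and is not Cisco's implementation: a toy Python model of the switch's DHCP snooping decision and binding table. The port names for PC0 and the rogue server, the MAC address and the router's first lease address are assumptions, and the client's REQUEST message is omitted for brevity.

```python
"""Toy model of a switch's DHCP snooping filter (added example, not Cisco code)."""

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}   # message types only a DHCP server sends

class Switch:
    def __init__(self, snooping=False, trusted=()):
        self.snooping = snooping
        self.trusted = set(trusted)   # with snooping on, every port starts untrusted
        self.bindings = {}            # client MAC -> (leased IP, client port)

    def forward(self, ingress_port, msg):
        """Return True if the frame is forwarded, False if snooping drops it."""
        if self.snooping and msg["type"] in SERVER_MESSAGES:
            if ingress_port not in self.trusted:
                return False          # server reply arriving on an untrusted port
            if msg["type"] == "ACK":  # learn the lease granted via the trusted port
                # Shortcut: a real switch learns the client port from the request.
                self.bindings[msg["mac"]] = (msg["ip"], msg["client_port"])
        return True

def renew(switch, servers, mac, client_port):
    """Model ipconfig /renew: gateways of the servers whose lease reaches the PC.
    With more than one entry, the PC takes whichever reply arrives first."""
    reached = []
    if not switch.forward(client_port, {"type": "DISCOVER", "mac": mac}):
        return reached
    for port, (ip, gateway) in servers.items():
        offer = {"type": "OFFER", "mac": mac, "ip": ip, "client_port": client_port}
        ack = dict(offer, type="ACK")
        if switch.forward(port, offer) and switch.forward(port, ack):
            reached.append(gateway)
    return reached

# Constructed topology. Gi0/1 (router uplink) and both gateway addresses come from
# the lab; Fa0/1, Fa0/3, the MAC and the router's lease 192.168.2.2 are assumptions.
SERVERS = {"Gi0/1": ("192.168.2.2", "192.168.2.1"),     # router's MyPool
           "Fa0/3": ("192.168.2.21", "192.168.2.20")}   # rogue server's pool
PC0 = ("00:00:5e:00:53:01", "Fa0/1")

def lab_steps():
    step5 = renew(Switch(), SERVERS, *PC0)                # snooping off
    step7 = renew(Switch(snooping=True), SERVERS, *PC0)   # on, nothing trusted yet
    sw = Switch(snooping=True, trusted={"Gi0/1"})         # router port trusted
    step9 = renew(sw, SERVERS, *PC0)
    return step5, step7, step9, sw.bindings

if __name__ == "__main__":
    for label, value in zip(("step 5", "step 7", "step 9", "bindings"), lab_steps()):
        print(label, value)
```

The empty result for step 7 corresponds to PC0 failing to obtain a lease, and the single binding after step 9 is the kind of record that show ip dhcp snooping binding lists in step 11.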
